GitHub is fighting the biggest DDoS attack in the website's history, which is targeting anti-censorship projects that help China's internet users circumvent government censorship(GitHub)

Online code repository GitHub says it is still battling a continuous distributed denial of service (DDoS) attack that has lasted for four days and is the biggest in the website's history.

GitHub is a popular platform where computer programmers upload a wide variety of projects including software applications, game engines and web app frameworks, in order to work on developing the projects together and share useful tools for their work.

"The attack began around 2am UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we've seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic," GitHub wrote in a blog post on 27 March.

"Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content."

The DDoS attack seems to be targeting specifically the GreatFire and the CN-NYTimes projects, which exist to help internet users in China get around online censorship imposed by the Chinese government though the huge volume of traffic is affecting the entire website.

GitHub asked its users to keep an eye on its Twitter account for real-time updates, which show that the attack has continued and that the attackers keep changing tactics, as the most recent update, posted at 7.50am GMT on 30 March shows:

According to security firm Insight-Labs, the internet traffic directed at GitHub is coming from China and involves replacing legitimate tracking and advertising code from the Baidu search engine (China's equivalent of Google) with malicious java scripts that hijack HTTP connections and keep loading both of the anti-censorship projects "every two seconds".

Dave Larson from Corero Networks said this attack is indicative of how DDoS attacks evolve:

"We are seeing more often that DDoS attacks against web servers evolve over a period of 24-48 hours until they take down a site or their perpetrators give up and move on. GitHub have done the right thing in keeping their users informed of the status of the attacks. But when the attackers are sufficiently motivated and have extensive resources, which is common when the perpetrators are powerful syndicates or state actors, as may be the case here, it is difficult to stay ahead of the attack if your response methodology relies on human analysts."

GreatFire, a project created by developers who have been fighting against anti-censorship in China since 2013, announced on 19 March that it was "under attack" and asked for help as it was receiving up to "2.6 billion requests per hour which is about 2500 times more than normal levels".

The project also reported on 25 March that it has "concrete proof from Google" that the China Internet Network Information Centre (CNNIC), which is the government agency responsible for internet affairs in China, was complicit in the attacks and was found to have issued unauthorised digital certificates for several Google domains.

"In other words, even people outside China are being weaponised to target things the Chinese government does not like, for example, freedom of speech," said Insight-Labs.